finance security handbook documents...finance security handbook 2 of 28 revised 11.20.2020 section...

Finance Security Handbook

1 of 28 revised 11.20.2020

Finance Security Handbook Table of Contents

Section 1: Overview

Pages 2 - 4

Section 2: Accounting & Reporting at Columbia (ARC) and Concur Roles

Pages 5 - 11

Section 3: FinSys Roles

Page 12

Section 4: Requesting Access on the Columbia University Financial Systems Security Application

Pages 13 – 24

Section 5: Finance Security Applications – Manager Approval Process

Pages 25 - 26

Section 6: Finance Security Applications – DAF Administrator Approval

Page 26 - 28


2 of 28 revised 11.20.2020

Section 1: Overview

Introduction to Finance Security

The Finance Security Handbook is designed to assist faculty and staff in the schools and departments who need to either request or approve system access to any of the Columbia University Financial systems. These systems include: Accounting & Reporting at Columbia (ARC), Concur, FINSYS/Financial Front End (FFE), and the Financial Data Store (FDS). This handbook will describe the financial systems, the various roles available to departments to transact within those systems, and the application process. All security role requests must be approved by both the requestor’s manager and the Departmental Authorization Function (DAF) Administrator for the school/admin unit. DAF authority is a critical component of the University’s control system. It assigns levels of authority to University employees to approve key transactions on the University’s behalf and details the responsibilities when reviewing and approving transactions. Please review and familiarize yourself with the Departmental Authorization Function policy for the University. The DAF policy can be found in the University Policy Library.

Overview of Financial Systems

There are four primary financial systems at Columbia University: Accounting & Reporting at Columbia (ARC), Concur, FINSYS/Financial Front End (FFE), and the Financial Data Store (FDS). This handbook covers these systems. In addition, the People@Columbia (PAC) system is used for all Human Resources transactions; consult the PAC handbook for more information. Accounting & Reporting at Columbia (ARC): ARC is the University’s primary financial system. It is the PeopleSoft Financials Enterprise Resource Planning (ERP) system. The following functionality is available via ARC:

• General Ledger (GL) with Commitment Control (KK)

• Project Costing (PC)

• Payables (AP)

• Purchasing (PO)

• eProcurement (ePro), requisitioning only

• P-Card reconciliation and approval Concur: Concur is the Columbia Travel and Expense system. It is a cloud-based solution offering paperless, electronic travel request and reimbursement. Concur will automate travel request, booking, and expense reporting of the campus business travel. The following access will be available:

• Concur Travel Arranger

• Concur Initial Reviewer

• Concur Financial Approver

• Travel Expense and Reimbursement Corporate Card

• Concur Adhoc Approver

• Concur Reporting Manager

• Senior Business Officer Approver Role

FINSYS: FAS was the University’s legacy financial system. FINSYS was comprised of modules to facilitate transacting and reporting. A number of modules, and the maintenance of certain access, have been retained in FINSYS rather than being integrated into ARC. These modules are:

• Budget Tool

• Time Collection (ZT)

• Cash Entries

• PAD Reporting

• Endowment Term Sheets

http://policylibrary.columbia.edu/departmental-authorization-functionhttp://managers.hr.columbia.edu/tig/people-columbia-pac-toolkit/system-access-and-availability


3 of 28 revised 11.20.2020

Financial Data Store (FDS): FDS is the University’s financial data repository. Through the FDS users can access information that will assist in managing their financial responsibilities including budgeting, transacting, monitoring and analyzing financial activity.


4 of 28 revised 11.20.2020

Overview of Security Roles

A security role is the specific authorization given to a user to enable him/her to complete financial activities in ARC, Concur, FINSYS, and FDS. This includes viewing data. A user’s security roles define the activities a user can complete, including:

• Initiating transactions in the above financial systems

• Approving transactions in the above financial systems

• Viewing data and reports in ARC, Concur and FDS

Applying for Security Access

Security roles are obtained by completing the Financial Systems Security Application which can be found in the ServiceNow Service Catalog.

All financial security roles must be formally requested using the application and approved by both the user’s manager and by the DAF Administrator for the school/admin unit to which access is being requested.

Required Training

A user’s security access will only be granted once all training requirements for the roles requested on the security application have been completed. The user will receive an email describing the training requirements when security access is requested. The user will then need to complete any required training before security roles can be assigned.

https://columbiadev.service-now.com/navpage.do


5 of 28 revised 11.20.2020

Section 2: Accounting & Reporting at Columbia (ARC) and Concur Roles

Types of Roles

Financial system security roles are divided into three basic types of roles:

• Page Access: Defines the pages a user can navigate to and the transactions a user can view/initiate. The departments for which a user will transact are not defined for page access.

• Workflow Access: Defines the approval authority a user has for transactions on the related Pages. Departments must be selected as part of the role request. In addition, procurement workflow roles require dollar thresholds. Workflow routing is based on the departments and other characteristics of the transaction, such as the dollar amount of procurement transactions.

• Inquiry Access: Defines the data to which a user has access to view and report on. Inquiry access is generally defined by the departments for which a user can see financial and transactional information. However, in certain circumstances, inquiry access may be defined by ChartField (e.g., Project).

Descriptions for ARC and Concur Roles

The following tables describe the role(s) and associated training for each of the ARC modules and Concur roles. Please note that all shaded roles indicate that the role is a special request, and will be reviewed by the University Controller’s Office, in addition to the normal review and approval process, before the role is granted to the user.

All training courses marked with an asterisk (*) have a required Knowledge Assessment or Training Acknowledgement associated with the training course.


6 of 28 revised 11.20.2020

Purchasing Roles

Role Name Description Security

Application Training Required

CU Travel Arranger Book travel for Guests Section 2.1

No training required

Requisition Initiator

• Create, update, and cancel requisitions based on need and requests

• Create and update receipts

• Run budget checking process

• Create, update and cancel change orders

• Create and view the requestor workbench page

• Create/update receipts

Section 2.1

• Introduction to ARC

• Introduction to Purchasing

• Vendor Processing

• Requisitions, Change Orders, and Purchase Orders*

• Reporting Overview

Receiver Only Create/update receipts (The receiver role is part of the Requisition Initiator role. However, it can also be administered separately with only the receiver functionality)

Section 2.2



• Receiving in ARC*


Department Requisition Approver

Approve requisition transactions for your department(s). There are 7 dollar thresholds available:

• Department Level Approval, $0 - $500

• Department Level Approval, $500.01 - $2,500

• Department Level Approval, $2,500.01 - $15,000





Section 2.1



• Managing Procurement Approvals*


Requisition Ad Hoc Approver

The ad hoc approver role does not replace the department approver for the transaction; it inserts the user as an additional approver for the transaction. (Procurement Ad Hoc Approver is only for users who do not have the Requisition Approver role.)

Section 2.2



• Introduction to AP



Special Roles – Requires Additional Controller’s Office Review

Department Requisition Approver (High Dollar Thresholds)

Approve high dollar requisition transactions for your department(s). There are 5 dollar thresholds available:

• Department Level Approval, $500,001 - $1,000,000




• Department Level Approval, $500,001 - Unlimited

Section 3.1





Bypass Purchasing Segregation of Duties

• Role enables a user to bypass the segregation of duties approval requirements.

• Limited to those departments that have only one person who can have the Requisition Initiator and Requisition Approver roles

Section 3.3

N/A (Training is associated with the Requisition Initiator and Department Requisition Approver roles)

Notes:

Department level approval is based on the department(s) charged in the requisition or change order transaction. Users may have multiple levels of approval, as they are not cumulative (i.e. if a user only has the Department Requisition Approver $2,500 - $15,000, he/she will not receive any transactions in his/her worklist that are between $0-$500 or $500-$2,500 Levels).


7 of 28 revised 11.20.2020

Accounts Payable Roles



Voucher Initiator Enter, update or cancel vouchers for the following voucher styles: Regular, Reversal, Adjustment, Journal, and Template vouchers

Section 2.1



• Voucher Processing*


Concur Initial Reviewer Reviewing Travel and Business Expense Reports and Travel / Cash Advances prior to Financial Approval.

Section 2.1 • Managing Travel and

Expense Approvals in Concur*

Department Voucher Approver

Approve the following voucher transactions for your department(s): Regular, Reversal, Adjustment, Journal, and Template vouchers. There are 7 dollar thresholds available:

• Department Level Approval, $0 - $500

• Department Level Approval, $500.01 - $2,500






Section 2.1





Concur Financial Approver

Approving Travel and Business Expense Reports and Travel / Cash Advances.



Voucher/Concur Ad Hoc Approver

The ad hoc approver role does not replace the department approver for the transaction; it inserts the user as an additional approver for the transaction. Responsible for approving Travel and Business Expense Reports and Travel / Cash Advances. (Voucher Ad Hoc Approver is only for users who do not have the Department Voucher Approver role.)

Section 2.2

• Managing Procurement Approvals in ARC*

• Managing Travel and Expense Approvals in Concur*

Concur Temporary Access

Concur Request and Expense User (can be assigned as a Travel Delegate) who needs temporary access (e.g. Consultant, Affiliate, etc.)

Section 2.2 No training required


Department Voucher Approver (High Dollar Thresholds)

Approve high dollar voucher transactions for your department(s). There are 5 dollar thresholds available:





• Department Level Approval, $500,001 – Unlimited

Section 3.1





Concur Financial Approver

Approving Travel and Business Expense Reports and Travel / Cash Advances $50,000 and over.



Senior Business Officer Approving Expense Reports and Travel / Cash Advances when specific audit criteria are present (e.g. Policy Exceptions)



Interface Voucher Processing

• Role enables users to send ARC voucher files from integrating systems (e.g., IDX, Skire, VPay)

• Can also select additional role to process single payment vouchers to one-time vendors

Section 3.2



• Processing Interface Vouchers*



8 of 28 revised 11.20.2020

Accounts Payable Roles



Bypass Accounts Payable Segregation of Duties

• Role enables a user to bypass the segregation of duties approval requirements.

• Limited to those departments that have only one person who can have the Voucher Initiator and Voucher Approver roles

Section 3.3

N/A. (Training is associated with the Voucher Initiator and Department Voucher Approver roles)

Additional Account Access for Procurement Transactions

Role enables user to charge procurement transactions to non-expense accounts

Section 3.4

N/A. (Training is associated with the Voucher Initiator and Department Voucher Approver roles)

Notes:

Department level approval is based on the department charged in the voucher transaction. Users may have multiple levels of approval, as they are not cumulative (i.e. if a user only has the Department Voucher Approver $2,500 - $15,000, he/she will not receive any transactions in his/her worklist that are between $0-$500 or $500-$2,500 Levels). Procurement Initiator and Approver Roles also require a requestor profile:

• Origin: generally the prefix of your administrative department. This assigns a default department to the transactions you create to facilitate reporting and searching for transactions.

Procurement Card Roles



Travel and Business Expense Corporate Card Holder

(NOT AVAILABLE TO ALL USERS, ISSUED ON A LIMITED BASIS ONLY) Provides user with a Procurement Card (P-Card) in order to make eligible travel purchases for non-Columbia employee business and travel expenses.

Section 2.3 • Travel and Expense

Corporate Card Policy and Usage Training *

P-Card Holder Provides user with a Procurement Card (P-Card) in order to make eligible purchases of goods and limited services up to $2,500.

Section 2.3 • Classroom training

P-Card Reviewer Enables user to view P-Card transactions of assigned cardholder(s). Section 2.3 • N/A (training associated

with P-Card Holder role)

P-Card Reconciler

• Review and reconcile transactions for assigned card(s)

• Allocate ChartStrings for transactions

• Input business purpose and attach receipts

• Flag disputed transactions

Section 2.3 • Introduction to ARC

• Reconciling P-Card Transactions*

P-Card Approver

• Review and approve transactions for assigned card(s); ensure transactions are appropriate and within University policies

• Reallocate/approve ChartStrings Must have DAF voucher approval authority of $2,500 or greater


• Reconciling P-Card Transactions*


9 of 28 revised 11.20.2020

General Ledger Roles


Application Required Training

Internal Transfer Initiator

Enter internal transfer journal entries online or using the worksheet upload tool

Section 2.4


• Introduction to GL

• Journal Entries*


Internal Transfer Department Approver

View and approve internal transfer entries in ARC Section 2.4



• Managing GL Approvals*


Bypass Segregation of Duties on Internal Transfer transactions

• Role enables user to bypass the segregation of duties approval requirement, for users with both Internal Transfer Initiator and Internal Transfer Approver roles.

• Applies only to expense transfers and unrestricted fund transfers and does not allow user to bypass foreign approval of transactions, when applicable.

Section 2.4

N/A (Training is associated with the Internal Transfer Initiator or Internal Transfer Approver roles)

ChartField Requester Provides access to ARC ChartField request form for the purpose of requesting changes and/or updates to ChartField and attribute values.




General Journal Initiator • Role is given to users who need to create special journal entries,

transacting on the balance sheet.

• Enter journal entries online or using the worksheet upload tool.

Section 3.6





General Journal Department Approver

• Role is typically given to users needing access to approve special journal entries, transacting on the balance sheet.

• View and approve journal entry pages in ARC

Section 3.6





ChartField Request Department Approver

• Enables user to approve changes and/or updates to ChartField and attribute values via the ARC ChartField request form

• Role should only be requested for Senior Business Officers



Departmental Cash Account Initiator (and Inquiry)

• Role enables user to enter cash transactions in ARC

• Role is associated with the appropriate bank account department (25XXXXX)

Section 3.7





Departmental Cash Account Approver (and Inquiry)

• Role enables user to approve cash transactions in ARC

• Role is associated with the appropriate bank account department (25XXXXX) and school/admin unit department(s)

Section 3.7






Grant Recharge Center Initiator

• Enables user to enter internal transfer transactions against specific recharge accounts and bypass foreign department and SPF approval.

• Transactions will be routed to the Internal Transfer Approver for the recharge department, rather than the approver for the department being charged.

• To be a grant recharge center initiator, department must have a grant recharge license, issued by SPF

Section 3.8





Non-grant Recharge Center Initiator

• Enables user to enter internal transfer transactions against specific recharge accounts and bypass foreign department approval.

• Transactions will be routed to the Internal Transfer Approver for the recharge department, rather than the approver for the department being charged

Section 3.8





Special Business Unit Access

• Provides access to special business units (e.g., Kraft Center or Reid Hall), in addition to the standard Columbia business units assigned to each user by campus



10 of 28 revised 11.20.2020

Reporting Roles

Reporting Roles


Application Required Training

Financials Inquiry

Provides inquiry access, query access and reporting (in both ARC and FDS) of financial data:

• Journal entries and account balances

• ChartField attributes

• Budget details, budget exceptions, and budget checking

• Project costing

Section 2.4 --or-- Section 2.5

The following training is not required but highly recommended


• Reporting for Inquiry Only

Procurement Inquiry

• Specific to those users needing access to inquire and report on Procurement transactions (AP/PO) directly in ARC.

• View queries and reports for requisitions, purchase orders, receipts, vouchers, payments and contracts.

• Create and view requester workbench page/view.

• View vendor information and inquiries with the exception of the payable link and the financial sanctions inquiry page.

• Run ARC delivered and customized vendor reports.

Section 2.1 --or-- Section 2.2

The following training is not required but highly recommended:


• Reporting for Inquiry Only

Concur Reporting Manager

• Provides access to run reports which includes travel and business expenses for all users in the reporting manager’s Sub-Division unit and WTI generated reports via email weekly and monthly.

• Access assigned at the Dept Tree Level 6 node


Block Payroll Natural Accounts

• This excludes payroll balances in all financial reporting (ARC & FDS). This role should be given in rare circumstances when a user should not see payroll balances (balances on payroll Accounts) – this will limit a user’s ability to run certain reports and will result in certain reports having blank rows.

• Excluding payroll balances also limits the ability to run COB reports.

• Blocking Payroll Natural Accounts is different from PAD access; PAD is given in FINSYS/FFE and governs employee-level payroll detail.

Section 2.5 N/A (Training is associated with the Financial Inquiry role)


Advanced PS Query Reporting

• Role is given to users who need to create their own queries in the ARC Reporting environment.

• Users must also have the financials inquiry role; advanced reporting departments must match the financial inquiry departments.

Section 3.10



• PS Query Reporting*


11 of 28 revised 11.20.2020

Special Considerations for FDS Reporting:

• Financials Inquiry – there are four potential components that can be granted:

o Financials Inquiry – access is granted via the Financial Systems Security Application, and departments for inquiry are assigned along with the inquiry role.

o Block Payroll Natural Accounts - this would be an unusual request, to limit access to view payroll totals by blocking payroll natural account lines in reports. Blocking payroll accounts will preclude a user from running COB reports as well, even if he/she has access to the budget tool.

o PAD Access – Provides access to detailed payroll reporting by employee. PAD is governed by FINSYS/FFE security access, and is described in more detail in the FINSYS/FFE section of this handbook (see “Section III – FINSYS/FFE Roles”).

o Reporting by ChartField – Reporting access is typically granted based on department-level access to data. However, in certain circumstances, access can be given based on ChartFields rather than departments. Special reports, such as Summary Reports by ChartFields, utilize “ownership” of Project, Initiative, or Segment. Owners can see all activity for these ChartFields, across all departments.

▪ There are special FDS reports designed for Projects, Initiatives and Segments that base security on the “Responsible Person” or “Report Distribution” attributes on the Project, Initiative or Segment.

▪ A user would apply for this access using the Financial Inquiry Application (an application separate from the Financial Systems Security Application)

1. Types of Reports:

2. Roles needed to run each type of Report:

Can run report for

Can run report for


12 of 28 revised 11.20.2020

Section 3: FinSys Roles

Types of Roles

There are four types of access that can be granted in the FINSYS modules:

• Inquiry (I): can view information, but not process transactions.

• Initiator (Create/Modify/Delete CMD): gives processing rights, and automatically includes inquiry rights.

• Preliminary Approval (P): gives preliminary approval rights, and automatically includes inquiry, create/modify/delete. Final approval of a transaction will still be required.

• Final Approval (F): gives final approval rights for the transaction, and automatically includes inquiry, create/modify/delete.

FinSys Modules / Roles

FinSys Modules / Roles



Budget Tool (BUD)

• The Budget Tool module is used for entering and revising departmental fiscal year budgets and enables user to input a current estimate and three future year budgets.

• If the user has General Journal access in ARC the Budget dept(s) should be the same as the Journal dept(s).

• Provides inquiry access to view current and previous year prior month-end, prior full year and fund balance information.

• Budgeting access is required for COB reporting access.

Section 4.6


• Budget Tool

Cash Module (CSH)

• The Cash Module is used to record all cash and checks received by the University.

• Please review the Cash Receipts Policy in the Administrative Policy Library before applying for access to the Cash module

• Once entered and approved in the system, all monies received by departments (other than Controller’s, Treasury and Development) are to be brought to Student Financial Services for deposit.

Section 4.5

• Using FFE for Cash Deposits

PAD – Payroll Detail Reporting Information (PAD)

• PAD access is necessary in order to see payroll detail in FDS.

• This is highly sensitive information and should only be granted if needed.

• Inquiry (“I”) access allows a user to see detailed payroll data in reports

• Transaction (“CMD”) access is required for a user to make detailed payroll updates in the Budget Tool.

Section 4.7 N/A (Training is associated with the Financial Inquiry role)

Time Entry Module (ZT)

• There are three types and each is a separate module:

o Create payroll time entries for Casual Employees.

o Add or subtract pay from Bi-weekly Support Staff payrolls.

o Add or subtract pay from Weekly Union Staff payrolls.

Section 4.1 Section 4.2 Section 4.3

• Using the FFE Time Collection Module

Endowment Term Sheet (END)

This grants access to the Endowment Term Sheets (via the Endowment Administration website) which contain key terms and restrictions for the University’s endowment funds.

Section 4.4 • Endowment

Administration and Compliance Certification

http://policylibrary.columbia.edu/cash-check-handling


13 of 28 revised 11.20.2020

Section 4: Requesting Access on the Columbia University Financial Systems Security Application Accessing the Application The Financial Systems Security Application (FSSA) is available via the ServiceNow Website.

1. Please go to ServiceNow and log in with your UNI and Password. 2. You will be presented with the Finance Service Desk Homepage. In the left-hand menu, right under Self-

Service click the link to “Service Catalog.” Once selecting Service Catalog menu, you will be directed to the ServiceNow Customer Portal. In the left-hand side right under Departments click on Finance, then on Security Application Requests. You are now under Security Applications where you will select “Financial Systems Security Application.” When you are in the ServiceNow Customer Portal and click on any of the Security Application Requests, these forms will appear in a new window/tab. Please note that the left navigation bar will still be available within the original window/tab, it is just the application itself that will open in a new window/tab.

Completing the Application Section 1 – User Information The FSSA may be used to request access for yourself or access on behalf of another user. Collects information on the applicant, the manager or DAF Administrator who will need to approve the application when requesting access for yourself or collects information on the requested by person, requested for person, the manager or DAF Administrator who will need to approve the application when requesting access for another User. First, select to identify who you are requesting access for:

https://columbia.service-now.com/navpage.do


14 of 28 revised 11.20.2020

1.1 Manager/Departmental Administrator Information

If requesting access for yourself, enter your manager’s UNI, or the person in your department who is responsible for reviewing and approving the ARC roles requested. Once the UNI is entered, the rest of the Manager’s information is auto-populated.

If requesting access for another user, enter the user’s UNI, enter the manager’s UNI or the person in the department who is responsible for reviewing and approving the ARC roles requested. Once the UNI is entered, the rest of the Manager’s information is auto-populated.

Note: If you are the designated manager in addition to being the requester, type in your UNI in the manager’s field and it will route directly to the DAF Administrator.

1.2 User Type

Select the employee type. Access begin and end dates are required for:

• Consultants/Temps (access should be granted for no more than 90 days at a time)

• Affiliates (access should be granted for no more than 1 year at a time)

Consistent with the DAF Policy, only Officers may be granted transaction approval roles. Approval roles will be greyed out on the application for other User Types, so these roles will not be able to be selected.

http://policylibrary.columbia.edu/departmental-authorization-function


15 of 28 revised 11.20.2020

1.3 Access Type

Enter the type of access request. New/Update Access – access is added; Replace Access – deletes existing security access and replaces it with the new request.

1.4 DAF Administrator for departments to which you are requesting access

The DAF Administrators are the Senior Business Officers for the school/admin unit who are authorized to grant access to a certain set of departments.

Select the school/admin unit for the departments to which requesting access. For example, if requesting access to Chemistry, select Arts & Sciences from the menu. Click here for a complete list of departments and the associated DAF Administrator group.

Section 2 – ARC/Concur User Access Section 2 lists all of the Procurement, P-Card and General Ledger roles that are typical for departmental users of ARC. For a complete description of all of the roles, see pages 4-8 of this handbook.

Section 2.1 contains the typical procurement roles a user would request, relating to the purchasing and payment of goods and services, including Requisition Initiator and Approver roles, Voucher Initiator and Approver roles and Travel and Business Expense roles in Concur, including CU Travel Arranger, Concur Initial Reviewer, and Concur Financial Approver. These roles require:

• an origin code (generally the prefix of a user’s administrative department) with the exception of the CU Travel Arranger

• the Inquiry department(s)/node(s) for which the user can see transactions.

http://finance.columbia.edu/content/daf-administrators-dept


16 of 28 revised 11.20.2020

When an Approver role is selected, provide the:

• Dollar threshold(s) for transactions to be approved. Users may have multiple levels of approval, as they are not cumulative. If $501-$2,500 is selected, the user will not receive any transaction above or below those amounts.

• Department(s)/node(s) for transactions to be approved. Select the departments from the left column and click the right arrow to move to the right column. To remove a selected department, highlight the department in the right column and click the left arrow. Only a certain number of departments can be accessed with the scroll bar – use the search bar above the list of departments to search by number or name (type an * and then start typing the name).

Section 2.2 contains additional procurement roles, typically for users who don’t already have a role in section 2.1 (as the access is part of those roles). Procurement Inquiry will allow a user to inquire, view queries and report on procurement transactions. The Inquiry role will require the user to select the Inquiry department(s)/nodes(s) for which the user should view transactions. This section includes the following Concur roles, Voucher/Concur Ad Hoc Approver, Concur Temporary Access and Concur Reporting Manager (provides access at a level 6 node(s)).

Section 2.3 contains the P-card and Travel Business Expense Corporate Card. A P-card is a credit card that may be used for non-travel related small dollar purchases. The Travel Business Expense Corporate Card is issued on a limited basis to certain departments for guests and visitor travel needs. Users will be contacted by the P-card team to ensure they are linked to the appropriate cards.


17 of 28 revised 11.20.2020

Section 2.4 contains the typical general ledger roles, related to revenue and expense transactions, that a user would request, including Internal Transfer Initiator and Approver and ChartField Requester. The Internal Transfer Initiator and Approver roles both require the user to select the Inquiry department(s)/nodes(s) for which the user should view transactions. For a user that is both an Internal Transfer Initiator and Approver, the Internal Transfer Segregation of Duties Bypass may be requested, which would allow the user to approve expense and unrestricted fund transfers that the user created.

When an Approver role is selected, select the department(s)/tree node(s) for transactions to be approved. Select the departments from the left column and click the right arrow to move to the right column. To remove a selected department, highlight the department in the right column and click the left arrow. Only a certain number of departments can be accessed with the scroll bar – use the search bar above the list of departments to search by number or name (type an * and then start typing the name).


18 of 28 revised 11.20.2020

Section 2.5 contains additional general ledger roles, typically for users who don’t already have a role in section 2.4 (as the access is part of those roles). The ARC

Online Reporting role allows access to inquire and run reports in ARC and FDS. This Inquiry role will require selecting the Inquiry department(s)/nodes(s) for which the user should view transactions. Report access is typically granted based on department-level access to data. Where appropriate, reporting access may be requested based on ChartField attributes rather than departments (complete the Financial Inquiry Application in the ServiceNow Service Catalog). If a user should not have access to summary payroll information in reports, select the Block Payroll Natural Accounts. This will restrict the ability to run COB reports.


19 of 28 revised 11.20.2020

Section 3 – ARC Special Requests Section 3 lists all of the special request roles for ARC and Concur use, which are enhanced levels of access needed by a select group of users. If these are not required, please do not select access in this section. Special roles will be reviewed and approved by the Controller’s office. For a complete description of all of the Special Request roles, see pages 4-8 of this handbook. Click “More information” on the form for details on the Special Requests, and click “Yes” if roles in this section are needed.

Roles in Section 3 include:

• Approval of procurement transactions over $500,000. Select the dollar threshold(s) and the department(s)/node(s) for transactions to be approved. Concur Special Roles are the Concur Financial Approver for $50,001 to unlimited access and Senior Business Officer Approver which provides approval access at the level 5 node(s). Select the departments from the left column and click the right arrow to move to the right column.

• Access to send voucher files from integrating systems (ex: Facilities, Patient Refunds)

• Bypass the segregation of duties requirements for procurement transactions. This is granted in very limited circumstances to small departments.

• Access to additional accounts for procurement transactions (revenue and balance sheet accounts). This is primarily granted to certain central departments.

• Approval of ChartField Request forms, for users who are responsible for a school/admin unit’s budgeting and finance structure.

• Initiate or approve general journal entries (access to balance sheet accounts). Initiator access is primarily granted to certain central departments. Each school/admin unit should have a senior financial officer with General Journal Approval.

• Initiate or approve cash transactions for departments that have bank accounts.

• Initiate grant and/or non-grant recharge center transactions, which bypass normal workflow. License number(s) and department number(s) are required.


20 of 28 revised 11.20.2020

• Access additional business units. Users are

granted standard business units based on campus (Morningside/CUMC); this would be requested if additional business units are needed.

• PS Query reporting access (requires SQL knowledge for senior financial or technical users).

Section 4 – FinSys User Access Section 4 lists the roles needed for viewing or transacting in FinSys. These include ZT time entry, Endowment Term Sheets, Cash Module, Budget Tool, and PAD. This access is set up by the school/admin unit DAF Administrator. For a complete description of all the roles, see page 10 of this handbook. In FinSys:

• Inquiry access allows a user to view information.

• Initiator access allows a user to create, modify, delete and view information.

• Preliminary Approver access allows a user to give preliminary approval (will not commit the transaction for processing) and to create, modify, delete and view information.

• Final Approver access allows a user to approve a transaction, and to create, modify, delete and view information.

Section 4 access includes:

• Sections 4.1 – 4.3 allow access to the ZT time entry modules for casual employees, union/non-union bi-weekly support staff, and weekly union staff.

• Section 4.4 allows access to view key terms and restrictions of funds on the Endowment Term Sheet website.

• Section 4.5 allows access to the Cash module to record all cash and checks received at the University.

• Section 4.6 allows access to the Budget Tool to view, enter and revise departmental budgets. Access to budget detailed payroll also requires PAD Initiator access.


21 of 28 revised 11.20.2020

• Section 4.7 grants the ability to see payroll detail in FDS reports. This is highly sensitive information and should only be requested if needed. PAD Initiator access also allows a user to budget detailed payroll in the Budget Tool. PAD access is typically granted based on department-level access to data. In certain circumstances, reporting and PAD access can be given based on ChartField attributes rather than departments (complete the Financial Inquiry Application in the ServiceNow Service Catalog).

All access in section 4 will require the user to select the Inquiry department(s)/nodes(s) for which the user should view transactions, and if an approval role is selected, or for which a user can approve transactions. There is a single Inquiry selection box for sections 4.1 - 4.6, however, PAD access has a separate selection box. Select the departments from the left column and click the right arrow to move to the right column. To remove a selected department, highlight the department in the right column and click the left arrow. Only a certain number of departments can be accessed with the scroll bar – use the search bar above the list of departments to search by number or name (type an * and then start typing the name). Section 5 – Historical Data (FY12 and earlier) Read Only Access Section 5 lists the roles needed for reviewing historical data (FY12 and earlier) in the legacy financial systems. This access is set up by the school/admin unit DAF Administrator. As these systems are based on FAS departments, the roles in this section are based on old FAS department numbers, rather than ARC departments/nodes. Click “Yes” if roles in this section are needed. Access may be granted to:

• AP/CAR – Invoice inquiry through canned reports

• BUD/DARTS – Inquiry to the General Ledger and payroll reports

• PAD – Payroll detail in DARTS


22 of 28 revised 11.20.2020

Submitting the Application

Once you have completed all necessary sections of the application, and have agreed to the terms of agreement, click on the “Order Now” button. This will not release your application for approval but will save it to your “shopping cart”.

On the Checkout page you must click “Checkout” in order to submit the application. If you leave the page without checking out, you will receive a daily automated reminder that checkout must be completed within 15 days or the application will be deleted. The saved form will be located in “My Shopping Cart” in the left navigation bar.

Once you have submitted the application, you will receive a security application number RITMXXXXXXX. You should use this number to locate the application in ServiceNow or reference the application with the Finance Service Center if you have any questions. You will also receive a request number REQXXXXXXX. This represents the overall request, which may have one or more “item(s)” or application(s).

Please note, the Checkout page references a delivery time of 5 days (or 7 if weekends are included). This is based on an average of 3-5 business days for processing, once all training (if required) has been completed. As the timing for manager and DAF approval and completion of training may vary, time to completion of your application may vary. Once submitted, you (and, if applicable, the user who you requested access for) will typically receive two email communications. One is an automated email notifying that your request has been opened and including the REQ and RITM numbers. If the application contains any roles that require training, the second email provides further detail about the training requirements. This email will list the roles that were selected on the application which require training to assist in completing training.

Application Processing

Once you submit the application, the application may pass through various stages to completion:

• Manager Approval (selected in Section 1.1). Your manager is able to return the application to you for editing. You will receive an email communication if this should occur. You can locate the application by clicking “My Service Requests” in the left navigation bar, which will display all applications you have submitted. When you click on the RITM number, you can edit the application as requested and return by clicking “Resubmit to Manager for Approval”. Please note, if you need to adjust the departments selected on the form, you must click “Reload”,


23 of 28 revised 11.20.2020

located in section 1.4 of the form. This will reload the entire list of departments belonging to the DAF Department selected.

If you completed the application on behalf of another user, and you were also entered as the manager, the application will skip this step and be routed directly to the DAF Administrator for approval.

• DAF Administrator Approval (the security administrators for the school/admin unit selected in 1.4). You will receive an email confirmation when the DAF Administrator approves the request, unless you have selected any special request roles in Section 3 of the application.

• Controller’s Office Approval. This approval step will only occur if you select any special request roles in Section 3 of the application. You may be contacted for further information about your request. You will receive an email confirmation when the Controller’s Office approves the request.

• Finance Training Review. The Finance Training team will review that all required training has been completed by the user. They will communicate as needed on outstanding training.

• Security Set Up. The CUIT Financial Security team sets up requested roles.

• P-card. This step will only occur if you selected a P-card role in section 2.3.

Once all steps have been completed, you will receive an email confirmation that access has been established. If you are a new user, or requested to add/update any reporting or inquiry roles, please note that your access will not be active until the morning following the date of the email. Otherwise, the access requested will be available.

Application Status

You can check the status of any application submitted. Click on “My Service Requests” in the left navigation bar and then click on the blue arrow in the “Stage” column to expand the status check.

In addition, a manager or DAF approver can also check the status of an application that they have approved. Click on “My Approvals” in the left navigation bar and then click on the RITM number to view the application. Once the application has


24 of 28 revised 11.20.2020

opened, click on the information button to the right of the Request field. Scroll down to the Requested Items tab, then click on the blue arrow in the “Stage” column to expand the status check.

The stages that the Financial Systems Security Application will pass through are listed in the Stage column:

• A green checkmark indicates a stage has been completed.

• A blue arrow indicates that a stage is in progress.

• A red “X” indicates that the application was rejected.


25 of 28 revised 11.20.2020

Section 5: Finance Security Applications – Manager Approval Process All Finance security requests must be approved by the manager of the applicant. If you are listed as the manager on a security request which you did not also submit, you will receive an email notification instructing you to log into ServiceNow and approve, reject or return the application for edit. The email will indicate what type of application it is (“Financial Systems Security Application”), who requested access, and who it is requested for. If an application was completed on a user’s behalf by someone who is also that user’s manager, it will skip the manager approval step.

Steps to Review and Approve a Security Application

1 Log into ServiceNow using the link provided in the email.

2 In the left-hand menu of ServiceNow click on “My Approvals”. From the list of security applications awaiting your approval, click on the RITM number you need to review. If you have multiple requests pending, you will need the RITM number to differentiate the items on your list. You also have the option of approving it in our new Columbia University ServiceNow Customer Portal.

3 Once you click on the RITM number, a

copy of the application form will open for your review. Information about the application, who requested the access, and who it is requested for is listed at the top. Once you are done reviewing the application, click on the arrow in the upper left corner of the request to return to your approval list.


26 of 28 revised 11.20.2020

4 From the approval list, click on the “Requested” link in the “State” column next to the application you have just reviewed. An approval screen will open. To approve the request, click on “Approve”. To reject the request, click on “Reject”. To return the request back to the submitter to make changes, click on “Return for Edit”. Please remember to include comments on these requests so that the person submitting the application knows what roles need to be updated. The email notification that the manager received to inform that approval is pending also contains hyperlinks to approve, reject or return for edit by email.

5 Once approved, the application will be removed from your “My Approvals” queue, and sent to the DAF administrator for his/her review and approval.

Section 6: Finance Security Applications – DAF Administrator Approval Process

All Finance security requests must be approved by the DAF Administrator for the departments to which access is being requested. If you are listed as the DAF Administrator on a security request, you will receive an email notification instructing you to log into ServiceNow and approve or reject the application. This notification is sent after the manager has approved the request and will indicate what type of application it is (“Financial Systems Security Application”) and the employee that submitted the request. If an application was completed on a user’s behalf by someone who is also that user’s manager, it will skip the manager approval step and route directly to the DAF Administrator.

Steps to Review and Approve a Security Application

1 Log into ServiceNow using the link provided in the email

2 In the left-hand menu of ServiceNow click on “My Approvals”. From the list of security applications awaiting your approval, click on the RITM number you need to review. If you have multiple items pending, you will need the RITM number to differentiate the items on your list.

3 Once you click on the RITM number, a copy of the application form will open for your review. Information about the application, who requested the access, and who it is requested for is listed at the top. As the DAF Administrator, you have the ability to make changes to the access requested directly in the form. If you need to edit the department selections, at the top of the form under Section 1.4, select


27 of 28 revised 11.20.2020

“Reload”. This will reload all departments in order to edit the application.

Once you are done reviewing and making any necessary updates to the application, click on “Save” to save your changes. You can click on the back arrow in the upper left corner of the request to return to your approval list. You can also scroll to the bottom of the application to locate the Approvers tab.

4 From the approval list or Approvers tab, click on the “Requested” link. An approval screen will open. To approve the request, click on “Approve”. To reject the request, click on “Reject”. This will cancel the existing request.

5 Once approved, the application will be removed from your “My Approvals” queue, and sent to Central Finance for training review (if training is required) and then to CUIT for processing. Applications that contain only roles with no required training will be sent directly to CUIT for processing.

6 To customize the information that is listed on the “My Approvals” tab, click on the gear screen in the upper left corner. Add or delete the fields that you wish to display.


28 of 28 revised 11.20.2020

7 If there is a need to print an application, click in the gear in the upper right corner of the application, scroll down and click on “Printer friendly version”

finance security handbook documents...finance security handbook 2 of 28 revised 11.20.2020 section...

Documents